Fluid Attacks Database

Description

Mercurial Incorrect Access Control vulnerability Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	mercurial	>=0 <4.5.1	4.5.1
debian 14	mercurial	>=0 <4.5.2-1	4.5.2-1
alpine v3.6	mercurial	=1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.5-r0 \|\| =1.5.1-r0 \|\| =1.5.1-r1 \|\| =1.5.2-r0 \|\| =1.5.3-r0 \|\| =1.5.4-r0 \|\| =1.6-r0 \|\| =1.6.2-r0 \|\| =1.6.3-r0 \|\| =1.6.4-r0 \|\| =1.7-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.3-r0 \|\| =1.7.5-r0 \|\| =1.8-r0 \|\| =1.8.1-r0 \|\| =1.8.2-r0 \|\| =1.8.3-r0 \|\| =1.8.4-r0 \|\| =1.8.4-r1 \|\| =1.9-r0 \|\| =1.9.1-r0 \|\| =1.9.2-r0 \|\| =1.9.3-r0 \|\| =2.0-r0 \|\| =2.0.1-r0 \|\| =2.0.2-r0 \|\| =2.1-r0 \|\| =2.1.1-r0 \|\| =2.1.2-r0 \|\| =2.2.1-r0 \|\| =2.2.2-r0 \|\| =2.2.3-r0 \|\| =2.3-r0 \|\| =2.3.1-r0 \|\| =2.3.2-r0 \|\| =2.4-r0 \|\| =2.4.1-r0 \|\| =2.4.2-r0 \|\| =2.5.1-r0 \|\| =2.5.2-r0 \|\| =2.5.4-r0 \|\| =2.6-r0 \|\| =2.6.1-r0 \|\| =2.6.2-r0 \|\| =2.6.3-r0 \|\| =2.7-r0 \|\| =2.7.1-r0 \|\| =2.7.2-r0 \|\| =2.8-r0 \|\| =2.8.1-r0 \|\| =2.8.2-r0 \|\| =2.9-r0 \|\| =2.9.1-r0 \|\| =2.9.2-r0 \|\| =3.0-r0 \|\| =3.0.2-r0 \|\| =3.1-r0 \|\| =3.1.1-r0 \|\| =3.2.1-r0 \|\| =3.2.2-r0 \|\| =3.2.3-r0 \|\| =3.3-r0 \|\| =3.3.3-r0 \|\| =3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.5-r0 \|\| =3.5.1-r0 \|\| =3.5.2-r0 \|\| =3.6.2-r0 \|\| =3.7.1-r0 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.8.1-r0 \|\| =3.8.2-r0 \|\| =3.8.3-r0 \|\| =3.9-r0 \|\| =3.9-r1 \|\| =3.9.1-r0 \|\| =4.0.1-r0 \|\| =4.1-r0 \|\| =4.1.1-r0 \|\| =4.1.2-r0 \|\| =4.1.3-r0 \|\| =4.3.1-r0 \|\| >=0 <4.5.2-r0	4.5.2-r0
alpine v3.5	mercurial	=1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.5-r0 \|\| =1.5.1-r0 \|\| =1.5.1-r1 \|\| =1.5.2-r0 \|\| =1.5.3-r0 \|\| =1.5.4-r0 \|\| =1.6-r0 \|\| =1.6.2-r0 \|\| =1.6.3-r0 \|\| =1.6.4-r0 \|\| =1.7-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.3-r0 \|\| =1.7.5-r0 \|\| =1.8-r0 \|\| =1.8.1-r0 \|\| =1.8.2-r0 \|\| =1.8.3-r0 \|\| =1.8.4-r0 \|\| =1.8.4-r1 \|\| =1.9-r0 \|\| =1.9.1-r0 \|\| =1.9.2-r0 \|\| =1.9.3-r0 \|\| =2.0-r0 \|\| =2.0.1-r0 \|\| =2.0.2-r0 \|\| =2.1-r0 \|\| =2.1.1-r0 \|\| =2.1.2-r0 \|\| =2.2.1-r0 \|\| =2.2.2-r0 \|\| =2.2.3-r0 \|\| =2.3-r0 \|\| =2.3.1-r0 \|\| =2.3.2-r0 \|\| =2.4-r0 \|\| =2.4.1-r0 \|\| =2.4.2-r0 \|\| =2.5.1-r0 \|\| =2.5.2-r0 \|\| =2.5.4-r0 \|\| =2.6-r0 \|\| =2.6.1-r0 \|\| =2.6.2-r0 \|\| =2.6.3-r0 \|\| =2.7-r0 \|\| =2.7.1-r0 \|\| =2.7.2-r0 \|\| =2.8-r0 \|\| =2.8.1-r0 \|\| =2.8.2-r0 \|\| =2.9-r0 \|\| =2.9.1-r0 \|\| =2.9.2-r0 \|\| =3.0-r0 \|\| =3.0.2-r0 \|\| =3.1-r0 \|\| =3.1.1-r0 \|\| =3.2.1-r0 \|\| =3.2.2-r0 \|\| =3.2.3-r0 \|\| =3.3-r0 \|\| =3.3.3-r0 \|\| =3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.5-r0 \|\| =3.5.1-r0 \|\| =3.5.2-r0 \|\| =3.6.2-r0 \|\| =3.7.1-r0 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.8.1-r0 \|\| =3.8.2-r0 \|\| =3.8.3-r0 \|\| =3.9-r0 \|\| =3.9-r1 \|\| =3.9.1-r0 \|\| =4.0.1-r0 \|\| =4.3.1-r0 \|\| >=0 <4.5.2-r0	4.5.2-r0
debian 13	mercurial	>=0 <4.5.2-1	4.5.2-1
alpine v3.7	mercurial	=1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.5-r0 \|\| =1.5.1-r0 \|\| =1.5.1-r1 \|\| =1.5.2-r0 \|\| =1.5.3-r0 \|\| =1.5.4-r0 \|\| =1.6-r0 \|\| =1.6.2-r0 \|\| =1.6.3-r0 \|\| =1.6.4-r0 \|\| =1.7-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.3-r0 \|\| =1.7.5-r0 \|\| =1.8-r0 \|\| =1.8.1-r0 \|\| =1.8.2-r0 \|\| =1.8.3-r0 \|\| =1.8.4-r0 \|\| =1.8.4-r1 \|\| =1.9-r0 \|\| =1.9.1-r0 \|\| =1.9.2-r0 \|\| =1.9.3-r0 \|\| =2.0-r0 \|\| =2.0.1-r0 \|\| =2.0.2-r0 \|\| =2.1-r0 \|\| =2.1.1-r0 \|\| =2.1.2-r0 \|\| =2.2.1-r0 \|\| =2.2.2-r0 \|\| =2.2.3-r0 \|\| =2.3-r0 \|\| =2.3.1-r0 \|\| =2.3.2-r0 \|\| =2.4-r0 \|\| =2.4.1-r0 \|\| =2.4.2-r0 \|\| =2.5.1-r0 \|\| =2.5.2-r0 \|\| =2.5.4-r0 \|\| =2.6-r0 \|\| =2.6.1-r0 \|\| =2.6.2-r0 \|\| =2.6.3-r0 \|\| =2.7-r0 \|\| =2.7.1-r0 \|\| =2.7.2-r0 \|\| =2.8-r0 \|\| =2.8.1-r0 \|\| =2.8.2-r0 \|\| =2.9-r0 \|\| =2.9.1-r0 \|\| =2.9.2-r0 \|\| =3.0-r0 \|\| =3.0.2-r0 \|\| =3.1-r0 \|\| =3.1.1-r0 \|\| =3.2.1-r0 \|\| =3.2.2-r0 \|\| =3.2.3-r0 \|\| =3.3-r0 \|\| =3.3.3-r0 \|\| =3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.5-r0 \|\| =3.5.1-r0 \|\| =3.5.2-r0 \|\| =3.6.2-r0 \|\| =3.7.1-r0 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.8.1-r0 \|\| =3.8.2-r0 \|\| =3.8.3-r0 \|\| =3.9-r0 \|\| =3.9-r1 \|\| =3.9.1-r0 \|\| =4.0.1-r0 \|\| =4.1-r0 \|\| =4.1.1-r0 \|\| =4.1.2-r0 \|\| =4.1.3-r0 \|\| =4.2.1-r0 \|\| =4.2.2-r0 \|\| =4.3.1-r0 \|\| =4.3.2-r0 \|\| =4.3.3-r0 \|\| =4.4-r0 \|\| =4.4.1-r0 \|\| >=0 <4.5.2-r0	4.5.2-r0
debian 11	mercurial	>=0 <4.5.2-1	4.5.2-1
debian 12	mercurial	>=0 <4.5.2-1	4.5.2-1
rpm rhel6	mercurial	-	-
rpm rhel7	mercurial	<0:2.6.2-10.el7	0:2.6.2-10.el7

Aliases

1. CVE-2018-10001322. NVD-2018-10001323. OSV-2018-10001324. OSV-DEBIAN-2018-10001325. OSV-ALPINE-2018-10001326. GCVE-2018-10001327. access.redhat.com8. lists.debian.org9. lists.debian.org10. lists.debian.org11. SECURITY-TRACKER-CVE-2018-100013212. SECURITY-CVE-2018-1000132

References

1. https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-87.yaml2. https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.